| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Changelog:
Bugfixes
http://www.oracle.com/technetwork/java/javase/2col/8u51-bugfixes-2587594.html
Bug Id Category Subcategory Description
JDK-8071668 client-libs java.awt [macosx] Clipboard does not work with 3rd parties Clipboard Managers
JDK-8077685 core-libs java.util:i18n (tz) Support tzdata2015d
JDK-8075602 deploy Applet throws java.security AccessControlException in java console when playing it
JDK-8079223 deploy unnecessary performance degradation caused by fix to JDK-8052111
JDK-8069161 deploy plugin Slow cache performance since JRE 7u06
JDK-8076343 deploy plugin JNLP property apple.laf.useScreenMenuBar no longer treated as secure for Mac OS
JDK-8071897 deploy webstart JRE 8U25 and 8u31 b32 cannot launch Java Web Start with proxy pac but works fine for 7u67
JDK-8078815 deploy webstart Launching of jnlp app fails with JNLPException
JDK-8035938 hotspot jvmti Memory leak in JvmtiEnv::GetConstantPool
JDK-8064546 security-libs javax.crypto CipherInputStream throws BadPaddingException if stream is not fully read
JDK-8078439 security-libs org.ietf.jgss SPNEGO auth fails if client proposes MS krb5 OID
JDK-8073357 xml jaxb schema1.xsd has wrong content. Sequence of the enum values has been changed
JDK-8073385 xml jaxp Bad error message on parsing illegal character in XML attribute
JDK-8074297 xml jaxp substring in XSLT returns wrong character if string contains supplementary chars
Fix following security bugs.
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-4760
CVE-2015-2628
CVE-2015-4731
CVE-2015-2590
CVE-2015-4732
CVE-2015-4733
CVE-2015-2638
CVE-2015-4736
CVE-2015-4748
CVE-2015-2597
CVE-2015-2664
CVE-2015-2632
CVE-2015-2601
CVE-2015-2613
CVE-2015-2621
CVE-2015-2659
CVE-2015-2619
CVE-2015-2637
CVE-2015-2596
CVE-2015-4749
CVE-2015-4729
CVE-2015-4000
CVE-2015-2808
CVE-2015-2627
CVE-2015-2625
|
|
but is necessary for a Makefile substitution in that package.
|
|
|
|
06 Aug 2015, PHP 5.6.12
- Core:
. Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
. Fixed bug #64878 (304 responses return Content-Type header). (cmb)
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
. Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
. Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
. Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
. Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
. Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
. Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
. Fixed bug #68714 (copy 'n paste error). (cmb)
. Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
. Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns). (cmb)
- OpenSSL:
. Fixed bug #69882 (OpenSSL error “key values mismatch” after
openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)
|
|
06 Aug 2015, PHP 5.5.28
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
|
|
06 Aug 2015 PHP 5.4.44
- Core:
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls). (Stas)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref). (Stas)
- OpenSSL:
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure). (Stas)
- Phar:
. Improved fix for bug #69441. (Anatol Belski)
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory). (Anatol Belski)
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions). (Stas)
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items). (sean.heelan)
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject). (taoguangchen at icloud dot com)
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage). (taoguangchen at icloud dot com)
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList). (taoguangchen at icloud dot com)
|
|
something in op.c (as miniop.c) is mis-compiled with this option which
is enabled by -O2, when using GCC 4.5. i didn't try to figure out
exactly what as op.c is 419,359 bytes long and the assembler output
is almost 100% different and approximiately 1.5MB either way (the
diff of the asm output is larger than the combined inputs), so for now
we have this hack. this problem doesn't appear to occur in newer GCC.
XXX: pullup to 2015Q2.
|
|
|
|
except that camlp5 is now compatible with ocaml 4.02.3.
|
|
include:
Bug fixes:
- Top-level custom printing for GADTs: interface change in 4.02.2
(Grégoire Henry, report by Jeremy Yallop)
- corrupted final_table (ygrek)
- R#6926: Regression: ocamldoc lost unattached comment
(Damien Doligez, report by François Bobot)
- Aliased result type of GADT constructor results in assertion failure
(Jacques Garrigue)
Feature wishes:
- PR#6691: install .cmt[i] files for stdlib and compiler-libs
(David Sheets, request by Gabriel Radanne)
- New primitive: caml_alloc_dummy_function
(Hugo Heuzard)
|
|
|
|
|
|
Changes:
* The MAC OS X YOSEMITE compatibility problems are fixed. We
bundled a patched Pango text-drawing library with Racket.
* The WINDOWS [32-bit] releases fixes the window-update crashes.
We bundled a patched Cairo drawing library with Racket.
* TYPED RACKET closes two safety holes in the exception system.
The revised type system restricts `raise' to send only
instances of the `exn' structure type and flat data to
handlers. It also checks exception handlers properly.
NOTE: Previously well-typed programs may fail to typecheck.
* TYPED RACKET'S typed regions support casts and predicates.
* 2HTDP/IMAGE'S notion of equality ignores an image's baseline.
* The PACKAGE MANAGER supports a binary library installation mode,
which allows users to install packages without source or
documentation. Use the `--binary-lib' option with `raco pkg
install'.
* The new DRRACKET-TOOL-LIB package factors out parts of DrRacket's
IDE so that they can be reused with other editors, such as Emacs.
* The COMPILER'S use-before-defined analysis has been repaired for
certain forms of nested `letrec', some `let' forms, and some
uses of `set!' or `with-continuation-mark'.
* The COMPILER performs additional bytecode optimizations.
Thanks to Gustavo Massaccesi.
* The CML library comes with a new `replace-evt' event constructor.
Thanks to Jan Dvorak.
* REDEX'S benchmark suite comes with a description of the benchmark
programs.
* REDEX'S metafunctions can be typeset using the "large left brace"
notation for conditionals.
* The CONTRACT library comes with an improved `contract-stronger?'.
Its error messages note that the contract itself might be wrong.
* The GUI library is DPI-aware on Windows.
* The OPENSSL library supports Server Name Indication for servers.
Thanks to Jay Kominek.
* The SYNTAX/PARSE library allows the definition of new pattern
forms via pattern expanders, similar to match expanders.
Thanks to Alex Knauth.
* OpenGL on Linux no longer depends on libgtkgl, and core profiles
are supported (see `set-legacy?').
* The TEACHING LANGUAGES' unit test framework supports
`check-satisfied', a construct for checking whether a result
satisfies a predicate, e.g.: (check-satisfied (sort l) sorted?)
|
|
|
|
This is mostly a bugfix release, containing quite a lot of accumulated
bug fixes but relatively few new features. Nevertheless, there are a
great many changes in this release since 4.9.0. It has three security
bugfixes: for CVE-2014-6310, CVE-2014-9651 and CVE-2015-4556.
Another important security-related cleanup/improvement is related to path
expansion: many file procedures in CHICKEN used to automatically and
implicitly convert paths containing tilde ("~") characters to $HOME,
and expand shell variables. This behaviour was deprecated in 4.9.0,
and has now been removed, in favor of the "pathname-expand" egg.
A few of the build variables have been renamed, so if you have a custom
build script, please review the NEWS file carefully.
Other notable changes:
* The performance of reading and writing SRFI-4 u8vectors has been
substantially improved.
* Various bugs in the functors implementation have been fixed, making
them better usable.
* chicken.h can once more be correctly compiled with a C++ compiler.
* The -r5rs-syntax flag has been fixed to enforce r5rs syntax.
For the full list of changes, see bundled NEWS or
http://code.call-cc.org/releases/4.10.0/NEWS-4.10.0
|
|
|
|
gcc 4.8.x in NetBSD 7/-current)
|
|
NetBSD tree
|
|
|
|
$PREFIX/go14.
Go 1.5 is going to be released soon, and it will depend on an existing
installation of Go 1.4 to compile. So let's provide one.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changelog:
GCC 5.2
This is the [42]list of problem reports (PRs) from GCC's bug tracking
system that are known to be fixed in the 5.2 release. This list might
not be complete (that is, it is possible that some PRs that have been
fixed are not listed here).
Target Specific Changes
IA-32/x86-64
* Support for new AMD instructions monitorx and mwaitx has been
added. This includes new intrinsic and built-in support. It is
enabled through option -mmwaitx. The instructions monitorx and
mwaitx implement the same functionality as the old monitor and
mwait instructions. In addition mwaitx adds a configurable timer.
The timer value is received as third argument and stored in
register %ebx.
For questions related to the use of GCC, please consult these web
pages and the [43]GCC manuals. If that fails, the
[44]gcc-help@gcc.gnu.org mailing list might help. Comments on these
web pages and the development of GCC are welcome on our developer
list at [45]gcc@gcc.gnu.org. All of [46]our lists have public
archives.
Copyright (C) [47]Free Software Foundation, Inc. Verbatim copying and
distribution of this entire article is permitted in any medium,
provided this notice is preserved.
These pages are [48]maintained by the GCC team. Last modified
2015-07-16[49].
References
42. https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=5.2.0
43. https://gcc.gnu.org/onlinedocs/
44. mailto:gcc-help@gcc.gnu.org
45. mailto:gcc@gcc.gnu.org
46. https://gcc.gnu.org/lists.html
47. http://www.fsf.org/
48. https://gcc.gnu.org/about.html
49. http://validator.w3.org/check/referer
|
|
|
|
and the unversioned one.
As discussed on tech-pkg.
|
|
Bug-fix release.
|
|
|
|
- Starting from 18.0 Erlang/OTP is released under the APL 2.0
- erts: The time functionality has been extended. This includes a new API
for time, as well as "time warp" modes which alters the behavior when
system time changes. You are strongly encouraged to use the new API
instead of the old API based on erlang:now/0. erlang:now/0 has been
deprecated since it is a scalability bottleneck.
- erts: Beside the API changes and time warp modes a lot of scalability
and performance improvements regarding time management has been made
- erts: The previously introduced "eager check I/O" feature is now enabled
by default.
- erts/compiler: enhanced support for maps. Big maps new uses a HAMT
(Hash Array Mapped Trie) representation internally which makes them more
efficient. There is now also support for variables as map keys.
- dialyzer: The -dialyzer() attribute can be used for suppressing warnings
in a module by specifying functions or warning options.
- ssl: Remove default support for SSL-3.0 and added padding check
for TLS-1.0 due to the Poodle vulnerability.
- ssl: Remove default support for RC4 cipher suites, as they are consider
too weak.
- stdlib: Allow maps for supervisor flags and child specs
- stdlib: New functions in ets:
- take/2. Works the same as ets:delete/2 but
also returns the deleted object(s).
- ets:update_counter/4 with a default object as
argument
Full changelog:
http://www.erlang.org/download/otp_src_18.0.readme
|
|
|
|
|
|
The GNU Compiler Collection (GCC) includes front ends for C, C++, Objective-C,
Fortran, and Go, as well as libraries for these languages (libstdc++,
libgfortran, ...).
This packages provides GCC support libraries in a specific location and allows
packages to depend on just the libraries rather than having to pull in the full
GCC package.
|
|
The GNU Compiler Collection (GCC) includes front ends for C, C++, Objective-C,
Fortran, Java, and Go, as well as libraries for these languages (libstdc++,
libgcj,...). This package provides the snapshot release of version 5.
On NetBSD a working cabsl function must be present in libm to build gfortran.
This has been added to -current on 2014/10/10 and to NetBSD7 on 2014/10/13.
|
|
|
|
|
|
10 Jul 2015, PHP 5.6.11
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69740 (finally in generator (yield) swallows exception in
iteration). (Nikita)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- GMP:
. Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
number). (Nikita)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()). (Laruence)
- Sqlite3:
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()). (Laruence)
|
|
09 Jul 2015, PHP 5.5.27
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
(dja at axtens dot net, Kalle)
. Fixed bug #69732 (can induce segmentation fault with basic php code).
(Dmitry)
. Fixed bug #69642 (Windows 10 reported as Windows 8).
(Christian Wenz, Anatol Belski)
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault). (Christoph M. Becker)
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business"). (Christian Wenz)
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
(Christian Wenz)
. Fixed bug #69892 (Different arrays compare indentical due to integer key
truncation). (Nikita)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
(Andrey)
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string). (cmb)
. Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u). (Philip Hofstetter)
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote). (Matteo)
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
(Matteo)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (Stas)
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name). (Christoph Michael Becker)
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
(Stas)
. Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
|
|
09 Jul 2015 PHP 5.4.43
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776. (Yasuo)
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
(Andrey)
- Phar:
. Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). (Stas)
. Fixed bug #69923 (Buffer overflow and stack smashing error in
phar_fix_filepath). (Stas)
|
|
PR 49082.
|
|
2015.07.09, Version 0.12.7 (Stable)
* openssl: upgrade to 1.0.1p
* npm: upgrade to 2.11.3
* V8: cherry-pick JitCodeEvent patch from upstream (Ben Noordhuis)
* win,msi: create npm folder in AppData directory (Steven Rockarts)
|
|
changes in sbcl-1.2.13 relative to sbcl-1.2.12:
* incompatible change: on success, TRY-SEMAPHORE and WAIT-ON-SEMAPHORE
return the new count
* enhancement: WAIT-ON-SEMAPHORE accepts a decrement parameter
* enhancement: JOIN-THREAD allows distinguishing timeout vs. abort in all
situations
* enhancement: On Windows DBG_PRINTEXCEPTION_C is handled and its message is
printed. (lp#1437947)
* bug-fix: TRUENAME works properly on broken symlinks presented as
directories. (lp#1458164)
* bug fix: Inlined DPB and DEPOSIT-FIELD don't interfere with left-to-right
order of argument evaluation. (lp#1458190)
* bug fix: (SETF (LDB (BYTE 1 2 JUNK) X) 0) is rightly rejected.
* bug fix: DEFSETF lambda lists should not permit argument destructuring.
* bug fix: calls to (SETF SLOT-VALUE) on a missing slot would in certain
situations incorrectly return the result of a SLOT-MISSING method
instead of always returning the new value. (lp#1460381)
* bug fix: a DEFMACRO occurring not at toplevel and capturing parts of
its lexical environment (thus being a closure) caused expressions
involving the macro name to cause corruption in the pretty-printer
due to faulty introspection of the lambda list of a closure.
* bug fix: out of line MAP/MAP-INTO check that the results produced by the
function are of the matching sequence type. (lp#1459581)
* bug fix: pretty-printing of '(LET `((,X ,Y)) :B) is handled correctly.
|
|
|
|
Use HAS_CONFIGURE, as the configure script is not a standard GNU
script that pkgsrc expects and configure breaks with non-builtin libiconv.
|
|
only skip them in file checking but actively delete them at the end of the
install.
Fixes some OSX fallout that jperkin@ was seeing, plus PR pkg/49071.
|
|
2015.07.03, Version 0.12.6 (Stable)
* V8: fix out-of-band write in utf8 decoder
This is an important security update as this bug can be used to cause
a denial of service attack.
|
|
BulkTracker for pointing me to this bug.
|
